unofficial mirror of bug-guix@gnu.org 
* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
@ 2020-06-17  9:27 Jan Nieuwenhuizen
  2020-06-18 22:29 ` zimoun
  2020-06-19 21:17 ` Ludovic Courtès
  0 siblings, 2 replies; 15+ messages in thread
From: Jan Nieuwenhuizen @ 2020-06-17  9:27 UTC (permalink / raw)
  To: 41908

Hi,

After pulling this morning, guix time-machine fails, look:

--8<---------------cut here---------------start------------->8---
$ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git	559491e
[...]
hint: Run `guix pull --news' to read all the news.

11:23:19 janneke@dundal:~/src/guix/master
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'

[1]11:23:25 janneke@dundal:~/src/guix/master
git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
--8<---------------cut here---------------end--------------->8---

Am I missing something?

Greetings,
Janneke

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-17  9:27 bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix' Jan Nieuwenhuizen
@ 2020-06-18 22:29 ` zimoun
  2020-06-18 23:02   ` zimoun
  2020-06-19 21:17 ` Ludovic Courtès
  1 sibling, 1 reply; 15+ messages in thread
From: zimoun @ 2020-06-18 22:29 UTC (permalink / raw)
  To: Jan Nieuwenhuizen, 41908

Dear Janneke,

On Wed, 17 Jun 2020 at 11:27, Jan Nieuwenhuizen <janneke@gnu.org> wrote:

> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d'
> is not related to introductory commit of channel 'guix'

It seems related to the new machinery about authentication, i.e., I guess:

838ac881ec * time-machine: Add '--disable-authentication'.


On my machine:

--8<---------------cut here---------------start------------->8---
guix pull --commit= -p /tmp/bug
/tmp/bug/bin/guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
--8<---------------cut here---------------end--------------->8---

works as expected. I mean I get:

--8<---------------cut here---------------start------------->8---
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
substitute: updating substitutes from
'https://ci.guix.gnu.org'... 100.0%
[...]
^C
--8<---------------cut here---------------end--------------->8---

Then I stopped it before it completed.  And I re-ran the same time-machine
command and I got the same error message:

--8<---------------cut here---------------start------------->8---
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

But with the new option "--disable-authentication", it works -- even if it
is maybe not what you want.





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-18 22:29 ` zimoun
@ 2020-06-18 23:02   ` zimoun
  0 siblings, 0 replies; 15+ messages in thread
From: zimoun @ 2020-06-18 23:02 UTC (permalink / raw)
  To: Jan Nieuwenhuizen, 41908

Sorry, I hit C-c C-c in the wrong buffer and sent the email before
finishing it. :-)

CC: Ludo because I do not really understand all the new machinery and
what is the correct solution:
 - remove/tweak the file "~/.cache/guix/authentication/channels/guix"
or
 - use "--disable-authentication"
or
 - is it a real bug? :-)
? 

On Fri, 19 Jun 2020 at 00:29, zimoun <zimon.toutoune@gmail.com> wrote:

> It seems related to the new machinery about authentication, i.e., I guess:
>
> 838ac881ec * time-machine: Add '--disable-authentication'.

[...]

> But with the new option "--disable-authentication", it works -- even if it
> is maybe not what you want.

What do you have in the file ~/.cache/guix/authentication/channels/guix?


Well, basically if I run with a fresh
~/.cache/guix/authentication/channels/guix, it works as expected:

--8<---------------cut here---------------start------------->8---
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
Computing Guix derivation for 'x86_64-linux'... /
--8<---------------cut here---------------end--------------->8---

however, if I re-run the exact same command, it fails:

--8<---------------cut here---------------start------------->8---
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

and the file says:

--8<---------------cut here---------------start------------->8---
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

Well, I do not know if it does not come from 'start-commit',
'end-commit' and 'authenticated-commits' in guix/channels.scm:
(authenticate-channel).


All the best,
simon







* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-17  9:27 bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix' Jan Nieuwenhuizen
  2020-06-18 22:29 ` zimoun
@ 2020-06-19 21:17 ` Ludovic Courtès
  2020-06-19 23:22   ` zimoun
                     ` (2 more replies)
  1 sibling, 3 replies; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-19 21:17 UTC (permalink / raw)
  To: Jan Nieuwenhuizen; +Cc: 41908

Hi,

(+Cc: Marius.)

Jan Nieuwenhuizen <janneke@gnu.org> skribis:

> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> Building from this channel:
>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
> [...]
> hint: Run `guix pull --news' to read all the news.
>
> 11:23:19 janneke@dundal:~/src/guix/master
> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>
> [1]11:23:25 janneke@dundal:~/src/guix/master
> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.

I think ‘commit-relation’ is right: the two commits are unrelated.

AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
(May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
26).  Thus, they really existed in different branches, and they’re
unrelated.

So we probably need to choose another introductory commit, one on
‘master’, and that has to be the merge commit for ‘staging’
(8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).

That sucks because that means that any branch forked before that is not
mergeable.  That includes at least ‘core-updates’ (but there are few
commits there, so it can be rebased, I think.)

I don’t think we can relax the relation check with the introductory
commit or we’d allow jumping anywhere.

Thoughts?

Ludo’.





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-19 21:17 ` Ludovic Courtès
@ 2020-06-19 23:22   ` zimoun
  2020-06-20 10:40     ` Ludovic Courtès
  2020-06-20 13:58   ` Marius Bakke
  2020-06-21 15:43   ` Ludovic Courtès
  2 siblings, 1 reply; 15+ messages in thread
From: zimoun @ 2020-06-19 23:22 UTC (permalink / raw)
  To: Ludovic Courtès, Jan Nieuwenhuizen; +Cc: 41908

Hi Ludo,

On Fri, 19 Jun 2020 at 23:17, Ludovic Courtès <ludo@gnu.org> wrote:

> (+Cc: Marius.)

Not sure you +CC'ed Marius. So I did.

> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.
>
> So we probably need to choose another introductory commit, one on
> ‘master’, and that has to be the merge commit for ‘staging’
> (8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).
>
> That sucks because that means that any branch forked before that is not
> mergeable.  That includes at least ‘core-updates’ (but there are few
> commits there, so it can be rebased, I think.)
>
> I don’t think we can relax the relation check with the introductory
> commit or we’d allow jumping anywhere.

I do not know if I am adding noise, but below is what I observed, and it
is not what I am expecting.

For the record, the commit history.  Maybe I misread, well I think the
first 2 commits used for pulling and the 5 others used for time-machine
are/were each on the same branch, i.e. they are related (direct path),
and the 2 groups (pull vs time-machine) are/were not in the same branch.
And I do not think the issue comes from the branching.

--8<---------------cut here---------------start------------->8---
559491ea5b * gnu: Transmission: Clean up the package definition.
e7a7a483bc * gnu: papirus-icon-theme: Update to 20200602.
[...]
41a2d6a8b9 * gnu: emacs-evil: Update to 1.14.0.
[...]
e70e097882 * size: Document that positional arguments can be store items.
[...]
b56cbe8974 * syscalls: Properly match %HOST-TYPE.
36640207c9 * quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
60b81ec2f3 * gnu: emacs-2048-game: Update home page.
--8<---------------cut here---------------end--------------->8---

This first sequence appears expected:

--8<---------------cut here---------------start------------->8---
guix pull --commit=e7a7a483bc -p /tmp/a
cat ~/.cache/guix/authentication/channels/guix
cat: /home/simon/.cache/guix/authentication/channels/guix: No such file or directory

/tmp/a/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/a/bin/guix time-machine --commit=b56cbe8974 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to b56cbe8 (1 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

Then this one is not for me:

--8<---------------cut here---------------start------------->8---
/tmp/a/bin/guix time-machine --commit=60b81ec2f3 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '60b81ec2f324c18d026e9ae05199493bc644960b' is not related to introductory commit of channel 'guix'

/tmp/a/bin/guix time-machine --commit=b56cbe8974 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: 'b56cbe8974c328a6c7bc28906478ef1b191ada4c' is not related to introductory commit of channel 'guix'

/tmp/a/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

Why can I not go to 60b81ec2f3?  I mean I cannot go before the first
time-machine I did, which is unexpected for me.

Why can I not re-do the same time-machine twice?


I pull again but it is not the point. :-)

--8<---------------cut here---------------start------------->8---
guix pull --commit=559491ea5b -p /tmp/b
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/b/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'

/tmp/b/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (7 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/b/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: 'e70e097882699865f63eabc5fb29b4fe4468a97b' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

Well, again it is not expected for me that 36640207c9 is not reachable
even though it is already authenticated.  But it is similar to
previously, I guess.

However, because 41a2d6a8b9 is a descendant, then it is reachable.  The
surprise to me is that e70e097882, which is in direct relation between
the two authenticated commits 41a2d6a8b9 and b56cbe8974, is not
reachable.

BTW, from a security perspective, it is easy to cheat by removing some
commits so the file ~/.cache/guix/authentication/channels/guix should be
protected: read-only and only writable by the daemon.


Cheers,
simon





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-19 23:22   ` zimoun
@ 2020-06-20 10:40     ` Ludovic Courtès
  2020-06-21 16:17       ` zimoun
  0 siblings, 1 reply; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-20 10:40 UTC (permalink / raw)
  To: zimoun; +Cc: 41908

Hi,

Ah yes, what you observed is interesting.  If you first travel to a
current-ish commit, it gets properly authenticated and cached.

From then on, since 36640207c9543e48cd6daa92930f023f80065a5d is in the
closure of the commit you just pulled, it’s authenticated, and you can
travel back to it.  It makes perfect sense.

Conversely, if you try to go directly to
36640207c9543e48cd6daa92930f023f80065a5d (e.g., with an empty cache),
all we can say is that we can’t authenticate it because it’s unrelated
to the introductory commit.

So it’s logical, even if surprising.  It also means that the problem
sort of “goes away” by itself.

zimoun <zimon.toutoune@gmail.com> skribis:

> BTW, from a security perspective, it is easy to cheat by removing some
> commits so the file ~/.cache/guix/authentication/channels/guix should be
> protected: read-only and only writable by the daemon.

It’s 600 of course.  What we could do is ignore it if it’s not 600 when
we open it.

Crucially: we cannot and should not restrict what the user can do for
the sake of security.  Users can pass ‘--disable-authentication’, they
can run binaries taken from the net, whatever; it’s their machine.

Thanks,
Ludo’.
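
The check proposed in the message above (ignore the cache file unless its mode is 600), sketched in Python as an added example; it is not Guix's Scheme code. The function names, the extra owner check and the sample commit IDs are assumptions of this sketch; the file format is the one shown earlier in the thread.

```python
import os
import re
import stat
import tempfile

HEADER = ";; List of previously-authenticated commits.\n\n"
NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)   # refuse to follow a symlink where supported


def write_commit_cache(path, commit_ids):
    """Write COMMIT_IDS in the format shown in the thread, with mode 0600."""
    body = "(" + "\n ".join(f'"{c}"' for c in commit_ids) + ")\n"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | NOFOLLOW, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as port:
        os.fchmod(port.fileno(), 0o600)   # enforce 0600 even if the file pre-existed
        port.write(HEADER + body)


def read_commit_cache(path):
    """Return the cached commit IDs, or [] when the file must not be trusted.

    The file is ignored when it is missing, is not a regular file, is not
    exactly mode 0600, or (an assumption of this sketch) is not owned by us.
    """
    try:
        fd = os.open(path, os.O_RDONLY | NOFOLLOW)
    except OSError:
        return []
    with os.fdopen(fd, "r", encoding="utf-8", errors="replace") as port:
        # Stat the descriptor we opened, not the path, so the file that is
        # checked is the file that is read.
        st = os.fstat(port.fileno())
        trusted = (stat.S_ISREG(st.st_mode)
                   and stat.S_IMODE(st.st_mode) == 0o600
                   and st.st_uid == os.geteuid())
        if not trusted:
            return []
        text = port.read()
    without_comments = re.sub(r";[^\n]*", "", text)
    return re.findall(r'"([0-9a-f]{40})"', without_comments)


def demo():
    """Exercise the reader on a constructed cache file in a temp directory."""
    ids = ["a" * 40, "b" * 40]            # constructed commit IDs
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "guix")
        missing = read_commit_cache(path)     # no file yet
        write_commit_cache(path, ids)
        good = read_commit_cache(path)        # mode 0600: accepted
        os.chmod(path, 0o644)
        loose = read_commit_cache(path)       # group/world readable: ignored
        os.chmod(path, 0o600)
        restored = read_commit_cache(path)    # back to 0600: accepted again
    return missing, good, loose, restored


if __name__ == "__main__":
    print(demo())
```

An ignored cache only costs time: as the fresh-cache runs in this thread show, every commit since the introductory commit is then authenticated again.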





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-19 21:17 ` Ludovic Courtès
  2020-06-19 23:22   ` zimoun
@ 2020-06-20 13:58   ` Marius Bakke
  2020-06-21 15:43   ` Ludovic Courtès
  2 siblings, 0 replies; 15+ messages in thread
From: Marius Bakke @ 2020-06-20 13:58 UTC (permalink / raw)
  To: Ludovic Courtès, Jan Nieuwenhuizen; +Cc: 41908


Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> (+Cc: Marius.)
>
> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
>
>> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Building from this channel:
>>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
>> [...]
>> hint: Run `guix pull --news' to read all the news.
>>
>> 11:23:19 janneke@dundal:~/src/guix/master
>> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>>
>> [1]11:23:25 janneke@dundal:~/src/guix/master
>> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
>> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
>
> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.
>
> So we probably need to choose another introductory commit, one on
> ‘master’, and that has to be the merge commit for ‘staging’
> (8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).
>
> That sucks because that means that any branch forked before that is not
> mergeable.  That includes at least ‘core-updates’ (but there are few
> commits there, so it can be rebased, I think.)
>
> I don’t think we can relax the relation check with the introductory
> commit or we’d allow jumping anywhere.
>
> Thoughts?

Uff, sorry for the incomplete 'staging' rebase.  I did not realize that
.guix-authorizations was missing completely in the earlier commits of
that branch; I only focused on getting Brice's commit authorized.

Yes core-updates needs to be rebased too because of this.  And yes, not
a lot of commits yet.  So let's move the introductory commit and rebase
core-updates on top, I can take care of the latter in a few days.


* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-19 21:17 ` Ludovic Courtès
  2020-06-19 23:22   ` zimoun
  2020-06-20 13:58   ` Marius Bakke
@ 2020-06-21 15:43   ` Ludovic Courtès
  2020-06-21 16:18     ` zimoun
  2020-06-22  8:54     ` zimoun
  2 siblings, 2 replies; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-21 15:43 UTC (permalink / raw)
  To: Jan Nieuwenhuizen; +Cc: 41908-done

Hi, Sunday hackers!

Ludovic Courtès <ludo@gnu.org> skribis:

> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
>
>> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Building from this channel:
>>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
>> [...]
>> hint: Run `guix pull --news' to read all the news.
>>
>> 11:23:19 janneke@dundal:~/src/guix/master
>> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>>
>> [1]11:23:25 janneke@dundal:~/src/guix/master
>> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
>> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
>
> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.

Thinking more about it, I think the test that leads to the error above
is in fact bogus (that’s what you were hinting at, Simon).  Namely, it
reads:

    (define commits
      ;; Commits to authenticate, excluding the closure of
      ;; AUTHENTICATED-COMMITS.
      (commit-difference end-commit start-commit
                         authenticated-commits))

    ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
    ;; contains END-COMMIT or because END-COMMIT is not a descendant of
    ;; START-COMMIT.  Check that.

But that’s wrong: If START-COMMIT and END-COMMIT are unrelated, then
‘commit-difference’ will return a whole lot of commits (those that are
not both in the closure of START-COMMIT and that of END-COMMIT).

The difference between 36640207c9543e48cd6daa92930f023f80065a5d and
9edb3f66fd807b096b48283debdcddccfea34bad is a set of 664 commits, as
shown with “git log --oneline 9edb3f6..3664020 | wc -l” or by calling
‘commit-difference’.

Those 664 commits are those that were made on master between
9edb3f66fd807b096b48283debdcddccfea34bad’s parent on master, and
36640207c9543e48cd6daa92930f023f80065a5d.  They can be authenticated
just fine.

If someone passes ‘--allow-downgrades’ and tries to jump to an unrelated
commit, authentication will fail on some commit.  So I think the test
was just enforcing an additional restriction that was unnecessary.

I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
keep the introductory commit unchanged, all is good!  Let me know what
you think.

Thanks,
Ludo’.





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-20 10:40     ` Ludovic Courtès
@ 2020-06-21 16:17       ` zimoun
  2020-06-22  8:01         ` Ludovic Courtès
  0 siblings, 1 reply; 15+ messages in thread
From: zimoun @ 2020-06-21 16:17 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 41908

Hi Ludo,

On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo@gnu.org> wrote:
> zimoun <zimon.toutoune@gmail.com> skribis:

>> BTW, from a security perspective, it is easy to cheat by removing some
>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>> protected: read-only and only writable by the daemon.
>
> It’s 600 of course.  What we could do is ignore it if it’s not 600 when
> we open it.

This could help. :-)


> Crucially: we cannot and should not restrict what the user can do for
> the sake of security.  Users can pass ‘--disable-authentication’, they
> can run binaries taken from the net, whatever; it’s their machine.

Well, I have not thought deeply about an attack, but the point is to
protect the user when they run "guix pull" alone, i.e., they can trust
the server.  An attack could be for example an email with an attachment,
click, then boom: tweak ~/.config/guix/channels.scm and
~/.cache/guix/authentication/channels/guix, then the user runs "guix
pull" with the expectation that everything is checked and
authenticated and in fact no, they are talking to a malicious server.


Cheers,
simon





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-21 15:43   ` Ludovic Courtès
@ 2020-06-21 16:18     ` zimoun
  2020-06-22  8:54     ` zimoun
  1 sibling, 0 replies; 15+ messages in thread
From: zimoun @ 2020-06-21 16:18 UTC (permalink / raw)
  To: Ludovic Courtès, Jan Nieuwenhuizen; +Cc: 41908-done

Hi Ludo,

On Sun, 21 Jun 2020 at 17:43, Ludovic Courtès <ludo@gnu.org> wrote:

> I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
> keep the introductory commit unchanged, all is good!  Let me know what
> you think.






* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-21 16:17       ` zimoun
@ 2020-06-22  8:01         ` Ludovic Courtès
  0 siblings, 0 replies; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-22  8:01 UTC (permalink / raw)
  To: zimoun; +Cc: 41908

Hi,

zimoun <zimon.toutoune@gmail.com> skribis:

> On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo@gnu.org> wrote:
>> zimoun <zimon.toutoune@gmail.com> skribis:
>
>>> BTW, from a security perspective, it is easy to cheat by removing some
>>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>>> protected: read-only and only writable by the daemon.
>>
>> It’s 600 of course.  What we could do is ignore it if it’s not 600 when
>> we open it.
>
> This could help. :-)

Done in 41939c374a3ef421d2d4c6453c327a9cd7af4ce5.

>> Crucially: we cannot and should not restrict what the user can do for
>> the sake of security.  Users can pass ‘--disable-authentication’, they
>> can run binaries taken from the net, whatever; it’s their machine.
>
> Well, I have not thought deeply about an attack, but the point is to
> protect the user when they run "guix pull" alone, i.e., they can trust
> the server.  An attack could be for example an email with an attachment,
> click, then boom: tweak ~/.config/guix/channels.scm and
> ~/.cache/guix/authentication/channels/guix, then the user runs "guix
> pull" with the expectation that everything is checked and
> authenticated and in fact no, they are talking to a malicious server.

I don’t really see how the attachment would modify a local file, but
even if that’s a possibility, it’s beyond the scope of Guix: we cannot
prevent users from shooting themselves in the foot.

Ludo’.





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-21 15:43   ` Ludovic Courtès
  2020-06-21 16:18     ` zimoun
@ 2020-06-22  8:54     ` zimoun
  2020-06-23  7:35       ` Ludovic Courtès
  1 sibling, 1 reply; 15+ messages in thread
From: zimoun @ 2020-06-22  8:54 UTC (permalink / raw)
  To: Ludovic Courtès, Jan Nieuwenhuizen; +Cc: 41908-done

Hi Ludo,

On Sun, 21 Jun 2020 at 17:43, Ludovic Courtès <ludo@gnu.org> wrote:

> I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
> keep the introductory commit unchanged, all is good!  Let me know what
> you think.

Now the sequences never return an error. Nice!

For the record, the history is:

* 41a2d6a8b9 (newer)
* e70e097882 (between)
* 36640207c9 (older)

--8<---------------cut here---------------start------------->8---
$ guix pull --commit=e4a4287c5fb51c0e47431606df5ee78b953d71f8 -p /tmp/c
$ cat ~/.cache/guix/authentication/channels/guix
cat: /home/simon/.cache/guix/authentication/channels/guix: No such file or directory
--8<---------------cut here---------------end--------------->8---

Let us consider this first sequence.

--8<---------------cut here---------------start------------->8---
$ /tmp/c/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to e70e097 (668 new commits)...
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("e70e097882699865f63eabc5fb29b4fe4468a97b")

$ /tmp/c/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (4 new commits)...
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "e70e097882699865f63eabc5fb29b4fe4468a97b")

$ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Usage: guix COMMAND ARGS...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "e70e097882699865f63eabc5fb29b4fe4468a97b")
--8<---------------cut here---------------end--------------->8---

However, the commit 36640207c9 is not considered as authenticated,
right?  So, the older authenticated commit is the first commit used by
time-machine, right?


Let us consider this second sequence.

--8<---------------cut here---------------start------------->8---
$ rm ~/.cache/guix/authentication/channels/guix

$ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...

$ /tmp/c/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (8 new commits)...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "36640207c9543e48cd6daa92930f023f80065a5d")

$ /tmp/c/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Usage: guix COMMAND ARGS...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

The commit e70e097882 between 36640207c9 and 41a2d6a8b9 is not
considered as authenticated, right?


Cheers,
simon





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-22  8:54     ` zimoun
@ 2020-06-23  7:35       ` Ludovic Courtès
  2020-06-23  8:42         ` zimoun
  0 siblings, 1 reply; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-23  7:35 UTC (permalink / raw)
  To: zimoun; +Cc: 41908-done

Hi Simon,

zimoun <zimon.toutoune@gmail.com> wrote:

> $ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> Usage: guix COMMAND ARGS...
>
> $ cat ~/.cache/guix/authentication/channels/guix
> ;; List of previously-authenticated commits.
>
> ("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
>  "e70e097882699865f63eabc5fb29b4fe4468a97b")
>
>
> However, the commit 36640207c9 is not considered as authenticated,
> right?  So, the older authenticated commit is the first commit used by
> time-machine, right?

Note that it’s the closure of the commits listed in the cache that’s
considered authenticated.  So not every commit is listed.

Does that make sense?

Ludo’.





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-23  7:35       ` Ludovic Courtès
@ 2020-06-23  8:42         ` zimoun
  2020-06-23  8:53           ` Ludovic Courtès
  0 siblings, 1 reply; 15+ messages in thread
From: zimoun @ 2020-06-23  8:42 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 41908-done

Hi Ludo,

On Tue, 23 Jun 2020 at 09:35, Ludovic Courtès <ludo@gnu.org> wrote:
> Hi Simon,
>
> zimoun <zimon.toutoune@gmail.com> wrote:
>
>> $ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Usage: guix COMMAND ARGS...
>>
>> $ cat ~/.cache/guix/authentication/channels/guix
>> ;; List of previously-authenticated commits.
>>
>> ("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
>>  "e70e097882699865f63eabc5fb29b4fe4468a97b")
>>
>>
>> However, the commit 36640207c9 is not considered as authenticated,
>> right?  So, the older authenticated commit is the first commit used by
>> time-machine, right?
>
> Note that it’s the closure of the commits listed in the cache that’s
> considered authenticated.  So not every commit is listed.
>
> Does that make sense?

Just to be sure I understand:

 1- * 41a2d6a8b9 (newer)
 2- * e70e097882 (between)
 3- * 36640207c9 (older)
 4- * xxxxxxxxxx (first authenticated commit)

From a fresh cache,

 a) if #2 is authenticated, because it is a descendant of #4, it is stored
 and all the commits between (closure), i.e., #3 should be considered as
 authenticated.

 b) then if #1 is authenticated, because it is a descendant of the last
 authenticated i.e. #2, it is stored in the cache.

 c) now let's try #3.  It is considered authenticated because it is in the
 closure of #4 and #2.

Yes it makes sense.  All is good. :-)

(And the assumption is: if Guix does not raise then it means that the
commit is authenticated.)


Cheers,
simon





* bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
  2020-06-23  8:42         ` zimoun
@ 2020-06-23  8:53           ` Ludovic Courtès
  0 siblings, 0 replies; 15+ messages in thread
From: Ludovic Courtès @ 2020-06-23  8:53 UTC (permalink / raw)
  To: zimoun; +Cc: 41908-done

zimoun <zimon.toutoune@gmail.com> wrote:

> Just to be sure I understand:
>
>  1- * 41a2d6a8b9 (newer)
>  2- * e70e097882 (between)
>  3- * 36640207c9 (older)
>  4- * xxxxxxxxxx (first authenticated commit)
>
> From a fresh cache,
>
>  a) if #2 is authenticated, because it is a descendant of #4, it is stored
>  and all the commits between (closure), i.e., #3 should be considered as
>  authenticated.
>
>  b) then if #1 is authenticated, because it is a descendant of the last
>  authenticated i.e. #2, it is stored in the cache.
>
>  c) now let's try #3.  It is considered authenticated because it is in the
>  closure of #4 and #2.
>
> Yes it makes sense.  All is good. :-)

Yup, looks correct.  :-)

> (And the assumption is: if Guix does not raise then it means that the
> commit is authenticated.)

Exactly.  I know it’s disappointing, but it’s one of these features
that’s pretty much invisible until you run into troubles.

Ludo’.
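
Added example, not part of the thread and not Guix's own code: a simplified Python model of the cache behaviour discussed above, replaying both command sequences on a constructed linear history. The short commit ids are reused from the thread; `0ld0001`, `a000001`, `b000002` and all function names are hypothetical, and the signature check itself is only marked by a comment.

```python
# Simplified model of the authentication cache discussed in this thread.
# Constructed linear history, oldest first; not real repository data.
HISTORY = ["0ld0001", "9edb3f6", "a000001", "3664020",
           "e70e097", "b000002", "41a2d6a"]
PARENT = {c: (HISTORY[i - 1] if i else None) for i, c in enumerate(HISTORY)}
INTRO = "9edb3f6"  # assumed introductory commit of the channel


def closure(commits):
    """Commits reachable from COMMITS via parents, stopping at INTRO."""
    seen = set()
    for commit in commits:
        while commit is not None and commit not in seen:
            seen.add(commit)
            commit = None if commit == INTRO else PARENT[commit]
    return seen


def authenticate(target, cache):
    """Return (commits that still need a signature check, updated cache)."""
    wanted = closure([target])
    if INTRO not in wanted:
        raise ValueError(
            f"'{target}' is not related to introductory commit")
    trusted = closure(cache)  # the closure of the cache is trusted
    todo = [c for c in HISTORY if c in wanted and c not in trusted]
    if not todo:
        # Target already lies in the closure: nothing to check, and the
        # cache file is left untouched, so the commit is never listed.
        return [], cache
    # A real implementation verifies each commit's signature here.
    return todo, [target] + cache


def replay(targets):
    """Run authenticate() for each target, starting from an empty cache."""
    cache, log = [], []
    for target in targets:
        todo, cache = authenticate(target, cache)
        log.append((target, len(todo)))
    return cache, log


if __name__ == "__main__":
    # Second sequence from the thread: e70e097 ends up trusted but unlisted.
    print(replay(["3664020", "41a2d6a", "e70e097"]))
    # First sequence: 3664020 is covered by the closure of e70e097.
    print(replay(["e70e097", "41a2d6a", "3664020"]))
```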





end of thread, other threads:[~2020-06-23  8:54 UTC | newest]

Thread overview: 15+ messages
2020-06-17  9:27 bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix' Jan Nieuwenhuizen
2020-06-18 22:29 ` zimoun
2020-06-18 23:02   ` zimoun
2020-06-19 21:17 ` Ludovic Courtès
2020-06-19 23:22   ` zimoun
2020-06-20 10:40     ` Ludovic Courtès
2020-06-21 16:17       ` zimoun
2020-06-22  8:01         ` Ludovic Courtès
2020-06-20 13:58   ` Marius Bakke
2020-06-21 15:43   ` Ludovic Courtès
2020-06-21 16:18     ` zimoun
2020-06-22  8:54     ` zimoun
2020-06-23  7:35       ` Ludovic Courtès
2020-06-23  8:42         ` zimoun
2020-06-23  8:53           ` Ludovic Courtès
